package com.hunterai.config;

import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.text.TextConfigurationRealm;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {

    @Bean
    public Realm realm() {
        TextConfigurationRealm realm = new TextConfigurationRealm();
        realm.setUserDefinitions("admin=admin,admin\nuser=user,user");
        realm.setRoleDefinitions("admin=*\nuser=read");
        return realm;
    }

    @Bean
    public ShiroFilterChainDefinition shiroFilterChainDefinition() {
        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
        
        // 明确允许认证接口匿名访问
        chainDefinition.addPathDefinition("/api/auth/**", "anon");
        
        // Logged in users with the 'admin' role
        chainDefinition.addPathDefinition("/admin/**", "authc, roles[admin]");
        
        // Logged in users with the 'user' role
        chainDefinition.addPathDefinition("/user/**", "authc, roles[user]");
        
        // All other paths require authentication
        chainDefinition.addPathDefinition("/**", "anon");
        
        return chainDefinition;
    }
} 